The case is a concerning one, as sanctioning software developers for how the code they write is used — particularly when it comes to software intended to protect privacy — has frightening implications. Although there is some precedent in the United States that "code is speech", and merely writing and publishing code is protected by the First Amendment, that obviously does not apply to the Netherlands. A collaborator to Pertsev, Roman Storm, is set to be tried on charges of money laundering and sanctions violations in the United States in September, and that case is likely to grapple with this exact issue.
Tornado Cash developer sentenced to more than five years imprisonment in the Netherlands
Sonne Finance hacked for at least $20 million
After being alerted to the theft by several security companies, Sonne announced they had paused the contract on the Optimism Ethereum layer-2 chain.
Cypher contributor admits to stealing over $300,000 due to "crippling gambling addiction"
Cypher was hacked for $1 million in August 2023, but was able to recover around $600,000 of the stolen funds, which they promised to distribute to impact users via a redemption fund. However, over a period of months and unbeknownst to the rest of the team, hoak had been dipping into the recovered funds — taking around half of what was in the fund for himself.
After he was accused, hoak fessed up in a public statement where he wrote that his actions were a "culmination of what snowballed into a crippling gambling addiction and probably multiple other psychological factors that went by unchecked for too long." He continued: "I know likely nothing I say or do will make things better - perhaps other than rotting in jail. To address the elephant in the room, the allegations are true, I took the funds and gambled them away. I didn’t run away with it, nor did anyone else."
- "Public statement" by hoak [archive]
- "Cypher Redemption Packages Stolen" report by cobra [archive]
SEC sends Wells notice to Robinhood Crypto
In the past, Robinhood has removed cryptocurrencies from trading after they were alleged to be securities by the SEC, such as Solana (SOL), Cardano (ADA), and Polygon (MATIC) in the wake of the lawsuits against Binance and Coinbase. However, given the SEC's stance that most cryptocurrencies are securities, it seems likely that the SEC believes one or more of the 14 non-bitcoin cryptocurrencies Robinhood offers may also be a security.
Robinhood's Chief Legal Officer issued a statement that "We firmly believe that the assets listed on our platform are not securities and we look forward to engaging with the SEC to make clear just how weak any case against Robinhood Crypto would be."
GNUS.ai exploited for $1.27 million
GNUS.ai (short for "Genius", not a reference to the animal) is one of many AI-related blockchain projects that has sprung out of the recent AI hype. This particular one promises to allow people to "utiliz[e] unused cycles" on various computing devices for computation-intensive AI systems, using cryptocurrency for payments.
Cred executives indicted
Cred had claimed to customers that they engaged in only "collateralized or guaranteed lending", hedged their investments, and "comprehensive insurance", but hid that "virtually all the assets to pay the yield were generated by a single company whose business was to make unsecured micro-loans to Chinese gamers." Furthermore, they did engage in uncollateralized lending, did not hedge their investments, and did not hold insurance as they had claimed.
Around $150 million in customer funds were lost in the collapse based on prices at the time, though those crypto assets would have been priced substantially higher at various times since.
- "Former CEO, CFO, And CCO Of Cred LLC Charged With Alleged Multi-Million-Dollar Cryptocurrency-Related Wire Fraud Conspiracy", U.S. Attorney's Office, Northern District of California [archive]
Wallet loses over $72 million to address poisoning
Address poisoning is a scam tactic that takes advantage of crypto traders' tendencies to copy and paste wallet addresses from their transaction histories, since the addresses are long strings of characters that are not practical to type from memory. By creating a new wallet address with identical start and/or ending character strings to addresses used by the victim, and spamming the victim with transactions from that similar address, scammers are sometimes able to get victims to erroneously copy the spoofed address for future transfers.
That's what appears to have happened in this case, when a victim transferred 1,155 wrapped bitcoin — tokens pegged to the bitcoin price meant for use on the Ethereum blockchain — to the malicious address.
The victim and the exploiter later reached an agreement for the return of most of the funds, with the exploiter keeping $7.2 million as a "bounty".
Pike Finance exploited for $2 million in two separate attacks
The first attack, on April 26, was enabled by a flaw in the security measures related to transfers of the USDC stablecoin. An attacker was able to change the recipient address and amount, ultimately making off with almost $300,000 in the stablecoin. Pike released a postmortem two days later, acknowledging that the bug had been identified by a third-party auditor but had not been rectified by their team.
When the Pike team went to patch the smart contracts to thwart this attack, they introduced new, even worse vulnerabilities. As a result, on April 30, an attacker was able to upgrade the project's smart contracts to malicious ones, then withdraw $1.68 million in ETH, ARB, and OP tokens.
Pike Finance has offered a 20% reward for the return of the funds or information pertaining to the attacker, and has promised "a plan to make users whole". Pike, which launched in early 2024, is backed by Circle and Wormhole.
Roger Ver arrested for $50 million tax fraud
Ver was arrested in Spain, and the United States will seek his extradition.
Besides his tax woes, Ver has also been caught up in accusations by CoinFLEX that he owed the platform around $84 million after failing to meet a margin call. Ver has in turn claimed that CoinFLEX owed him money. CoinFLEX filed for restructuring in August 2022.
- "Early Bitcoin Investor Charged with Tax Fraud", U.S. Department of Justice [archive]
Changpeng Zhao sentenced to four months imprisonment
Prosecutors sought a three year sentence for Zhao, while Zhao requested to serve no time. The judge ultimately decided on a sentence closer to the five-month sentence that was being recommended by the Probation Office.